Global banks on alert as hackers launch covert ATM heists via malware

Cybercriminals are increasingly using advanced hacking techniques to infiltrate cash machines around the world and steal millions, experts have warned.

A report released this week (26 August) by EU law enforcement agency Europol and cybersecurity firm Trend Micro analysed recent attacks against ATMs and concluded that criminals are now moving away from traditional heists in favour of network-focused hacks.

“The cat is out of the bag,” the report warned.

“In the past, banks might have thought that network segregation was enough to keep their ATM networks safe from cyber crooks. This is no longer the case.”

Physical ATM attacks were first recorded back in 2009, typically involving the use of USB drives or CDs to infect operating systems.

While this strategy is still used by some, the report found that hackers are increasingly exploiting software bugs to “walk away with fully loaded wallets”.

One of the main problems is that the majority of machines run outdated software.

The Trend Micro researchers said that the use of Windows XP is still widespread, meaning that there are “at least hundreds of thousands” of ATMs running an operating system that is no longer protected against new bugs, vulnerabilities or exploits.

In other cases, hackers can use phishing emails directed at bank employees to access the network, which can help them uncover private details about cash machines.

Once inside, they can install remote malware or spread across the bank’s wider computer system.

And using malware means the criminals at the top of the food chain no longer have to visit the machines. Instead, they are now employing “money mules” to do the dirty work.

Trend Micro noted that network infections require more technical skill than traditional attacks, but found that cybercriminals are learning quickly. Indeed, only last year, ATM hacks in Taiwan – allegedly the work of an Eastern European gang – netted a massive $2m.

The malware itself is also growing in sophistication. In 2015, experts from Proofpoint, a cybersecurity firm, revealed a strain known as “GreenDispenser” had been designed in a way that would leave “little if any trace of how the ATM was robbed”.